48390f14a8804aa32dc52fe2dc1417a48a64affaaa3a8c462a480b34719f48e5

Analysis

max time kernel
44s
max time network
50s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
02/12/2022, 21:06

Target

48390f14a8804aa32dc52fe2dc1417a48a64affaaa3a8c462a480b34719f48e5.dll
Size

31KB
MD5

f6d5c87c843c1984d94aed9fa0ebfe60
SHA1

a70af77c350a2cd120289410b08117003d803472
SHA256

48390f14a8804aa32dc52fe2dc1417a48a64affaaa3a8c462a480b34719f48e5
SHA512

3347c01602af55c852bf9b525177c5171fff72ca05525508f6b77e165d44bf937a21cde33e1baead4dbfbe8f0d4b6b9ba5b38e543ca2e01ccf5581b4eca4aaa9
SSDEEP

768:qVJWA1CqWe0PamHQ267tM/AChqDERIEmguf:ikA1kPamM7tEhkYRIEte

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 852 wrote to memory of 1696	852	rundll32.exe	27
PID 852 wrote to memory of 1696	852	rundll32.exe	27
PID 852 wrote to memory of 1696	852	rundll32.exe	27
PID 852 wrote to memory of 1696	852	rundll32.exe	27
PID 852 wrote to memory of 1696	852	rundll32.exe	27
PID 852 wrote to memory of 1696	852	rundll32.exe	27
PID 852 wrote to memory of 1696	852	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\48390f14a8804aa32dc52fe2dc1417a48a64affaaa3a8c462a480b34719f48e5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:852
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\48390f14a8804aa32dc52fe2dc1417a48a64affaaa3a8c462a480b34719f48e5.dll,#1
  2⤵
  PID:1696

memory/1696-55-0x0000000074E41000-0x0000000074E43000-memory.dmp

Filesize
8KB

Download